Vulnerabilities > Westerndigital

DATE CVE VULNERABILITY TITLE RISK
2020-12-12 CVE-2020-29654 Uncontrolled Search Path Element vulnerability in Westerndigital Dashboard
Western Digital Dashboard before 3.2.2.9 allows DLL Hijacking that leads to compromise of the SYSTEM account.
6.9
2020-12-12 CVE-2020-29563 Improper Authentication vulnerability in Westerndigital MY Cloud OS 5
An issue was discovered on Western Digital My Cloud OS 5 devices before 5.07.118.
network
low complexity
westerndigital CWE-287
7.5
2020-12-01 CVE-2020-28971 Improper Input Validation vulnerability in Westerndigital MY Cloud OS 5
An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115.
network
low complexity
westerndigital CWE-20
7.5
2020-12-01 CVE-2020-28970 Unspecified vulnerability in Westerndigital MY Cloud OS 5
An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115.
network
low complexity
westerndigital
7.5
2020-12-01 CVE-2020-28940 Unspecified vulnerability in Westerndigital MY Cloud OS 5
On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device.
network
low complexity
westerndigital
7.5
2020-11-18 CVE-2020-13799 Authentication Bypass BY Capture-Replay vulnerability in Westerndigital products
Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe.
local
low complexity
westerndigital CWE-294
4.6
2020-10-29 CVE-2020-27744 Improper Privilege Management vulnerability in Westerndigital MY Cloud Firmware 04.05.00320
An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114.
network
low complexity
westerndigital CWE-269
7.5
2020-10-27 CVE-2020-27160 Improper Privilege Management vulnerability in Westerndigital MY Cloud Firmware 04.05.00320
Addressed remote code execution vulnerability in AvailableApps.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114 (issue 3 of 3).
network
low complexity
westerndigital CWE-269
7.5
2020-10-27 CVE-2020-27159 Improper Input Validation vulnerability in Westerndigital MY Cloud Firmware 04.05.00320
Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices prior to 5.04.114
network
low complexity
westerndigital CWE-20
7.5
2020-10-27 CVE-2020-27158 Improper Privilege Management vulnerability in Westerndigital MY Cloud Firmware 04.05.00320
Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114.
network
low complexity
westerndigital CWE-269
7.5